Block 0.0.0.0/8 from internet card by default
The 0.0.0.0/8 subnet refers to "this network" (cf. RFC 3330), and in particular, 0.0.0.0 can be used to refer to the local computer. As such, it should be blocked by default, as loopback addresses currently are. This default configuration was relevant to a challenge in the ALLES! CTF 2020 competition, see https://play.allesctf.net/tasks/ALLES!Craft or https://ctftime.org/event/1091. The challenge involved multiple servers interconnected with Waterfall as a proxy, to enable server teleportation. The solution to the challenge was to use an internet card on one of the servers to connect to 0.0.0.0, bypassing the Waterfall proxy, and replay or reverse proxy a Minecraft handshake in Lua, which allowed spoofing as a different user.
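The gap the commit message describes, as an added example that is not the project's own code: a deny list holding only loopback ranges lets 0.0.0.0 through, while the same list with 0.0.0.0/8 added rejects it. The names `LOOPBACK_ONLY`, `WITH_THIS_NETWORK`, `is_blocked` and `audit` are hypothetical, and the list contents are assumptions, since the page does not show the project's configuration.

```python
import ipaddress

# Assumed deny list covering loopback only (the "current" state in the commit message).
LOOPBACK_ONLY = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]
# The same list with "this network" added, as the commit proposes.
WITH_THIS_NETWORK = LOOPBACK_ONLY + [ipaddress.ip_network("0.0.0.0/8")]


def normalize(host):
    """Parse a literal address; unwrap IPv4-mapped IPv6 so that
    ::ffff:0.0.0.0 is matched against the IPv4 rules."""
    addr = ipaddress.ip_address(host)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_blocked(host, deny_list):
    """True if the literal address falls inside any denied network.
    For hostnames, run this on every address the name resolves to."""
    addr = normalize(host)
    return any(addr.version == net.version and addr in net for net in deny_list)


def audit(samples):
    """Map each host to (blocked by loopback-only list, blocked by extended list)."""
    return {h: (is_blocked(h, LOOPBACK_ONLY), is_blocked(h, WITH_THIS_NETWORK))
            for h in samples}


# Constructed sample destinations; 198.51.100.7 is from a documentation range.
SAMPLES = ["127.0.0.1", "0.0.0.0", "0.1.2.3", "::ffff:0.0.0.0", "198.51.100.7"]

if __name__ == "__main__":
    for host, (old, new) in audit(SAMPLES).items():
        print(f"{host:16} loopback-only={old!s:5} with-0.0.0.0/8={new}")
```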